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DETAILED ACTION 

1. Claims 1-9 are pending. 

2. The application is filed on 07/22/2004 but claims the benefit of Foreign Priority 
has been made and acknowledged. Therefore, the effective filing date for the subject 
matter defined in the pending claims in this application is 02/01/2002. 

Claim Objections 

3. Claims 1-9 are objected because the preambles cite "method" and "device" are 
incorrect. The examiner interprets as "a method" and "a device". Appropriate correction 
is required. 

Claim Rejections - 35 USC § 112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 1 and 4 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

6. Claim 1 recites the limitation "transmitted messages" in line 9. There is 
insufficient antecedent basis for this limitation in the claim. 

7. Claim 4 recites the limitation "transmitted messages" in line 9. There is 
insufficient antecedent basis for this limitation in the claim. 
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8. The following words or phrases are not clearly understood rendering the 
corresponding claims vague or indefinite: 

a) "inserted permanently into the network", in claims 1 and 4, line 6. It is not 
clear whether the authority or the device inserts between the server and the 
client. 

b) "translate the transmitted messages", in claims 1 and 4, lines 8-9. It is not 
clear what the "translating" process means within the scope of the claim. 

Claim Rejections - 35 USC § 101 

9. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1 and 4 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. 

Claims 1 and 4 are directed to a method or device for performing a data 
exchanged between a client and a server over a data transmission network. The claims 
are not limited to tangible embodiment. As such, the claims are not limited to statutory 
subject matter and is therefore non-statutory. 

Claim 1 is directed to a method claim, however the claim recites no acts or steps 
involved in the method claim, results in an improper definition of a method, i.e., results 
in a claim which is not a proper method claim under 35 U.S.C. 101. See for example Ex 
parte Dunki, 153 USPQ 678 (Bd.App. 1967) and Clinical Products, Ltd. v. Brenner, 255 
F. Supp. 131, 149 USPQ 475 (D.D.C. 1966). 
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Claim Rejections - 35 USC § 102 

1 0. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

11. Claims 1-9 are rejected under 35 U.S.C. 102(e) as being anticipated by Urien 
(US 2002/0138549) (hereinafter Urien). 

12. Regarding claim 1 , Urien teaches a method of securing messages exchanged 
over a data transmission network between a server (1) and a small client (2) that does 
not have the resources necessary for providing security functions, under the control of 
an authority that defines message exchange rules, wherein control is provided in a 
decentralized manner by a representative (3) of the authority , inserted permanently into 
the network in the vicinity of the client (2) and between the server (1) and the client (2) 
during the secure exchange of messages (Urien: see figure 6 and paragraphs [0043, 
0157, 0153, 0216-0218]: a smart card cited in Urien inserts between a client and a 
server, which controls data exchanged between the client and the server), to translate 
transmitted messages and to apply verifications decided on by the authority to 
transmitted messages (Urien: see figure 6 item 28 and paragraphs [0043-0044, 0046, 
0054, 0193, 0216]: a filter of the smart card performs encryption/decryption operation to 
the data exchanged between the client and the server). 
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13. Regarding claim 2, Urien teaches wherein a first protocol (P) is used for 
exchanges between the server (1) and the representative (3) of the authority, and a 
second protocol (P') different from the first protocol (P) is used for exchanges between 
the representative (3) of the authority and the client (2) (Urien: see figure 6 and 
paragraphs [0049-0051, 0077, 0083]). 

14. Regarding claim 3, Urien teaches wherein, for the exchange of messages: a first 
secure channel (4) is set up between the server (1) and the representative (3) of the 
authority, using a first key (Ks) known to the representative (3) of the authority and to 
the server (1) but not to the client (2), and using a first encryption algorithm (AL), and a 
second secure channel (5) is set up between the representative (3) of the authority and 
the client (2), using a second key (Kc) known to the representative (3) of the authority 
and to the client (2) but not to the server (1), and using a second encryption algorithm 
(AL') (Urien: see figure 6 and paragraphs [0157, 0193, 0219, 0244-0245, 0247, 0252- 
0253]). 

1 5. Regarding claim 4, this claim has limitations that is similar to those of claim 1 , 
thus it is rejected with the same rationale applied against claim 1 above. 

16. Regarding claim 5, Urien teaches wherein the decentralized control device or 
representative (3) of the authority is a data processing microsystem secured by 
hardware, inserted permanently between the server (1) and the client (2) during the 
exchange of messages (Urien: see figure 6 and paragraph [0247]). 

17. Regarding claim 6, Urien teaches wherein: the server (1) is a data processing 
system comprising an input-output port (1a) (Urien: see figure 6 and Abstract section); 
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the client (2) is a data processing microsystem comprising an input-output port (12) 
(Urien: see figure 6); the representative (3) of the authority is a data processing 
microsystem secured by hardware and comprising an interface device (13) (Urien: see 
figure 6 and Abstract section); a dedicated interface system (7) is provided, comprising 
an input-output port (8) connected to the input-output port (1a) of the server data 
processing system (1), comprising a card port (9) connected to the input-output port 
(12) of the client data processing microsystem (2), comprising an input-output port (10) 
connected to the interface device (13) of the representative (3) of the authority data 
processing microsystem, and comprising a controller (11) programmed to control 
communication between the input-output ports (8), (9) and (10) (Urien: see figure 6); the 
controller (11) and the representative (3) of the authority are programmed so that: the 
server data processing system (1) sends a request A to the client data processing 
microsystem (2), and that request is received by the controller (11) (Urien: see figure 6 
and paragraph [0247 and 0253]); the controller (11) transmits the request A to the 
representative (3) of the authority, which sends it back a response Ra (Urien: see figure 
6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); the controller (11) uses that 
response Ra to calculate a request A' that is sent to the client data processing 
microsystem (2) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 
0253]); the client data processing microsystem (2) processes the request A to prepare 
a response B' (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); 
the client data processing microsystem (2) sends the response B' to the server data 
processing system (1) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247, 
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0253]); that response is received by the controller (11); the controller (11) transmits the 
response B' to the representative (3) of the authority, which sends it back a response 
Rb (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); the 
controller (11) uses that response Rb to calculate a response B that is sent to the server 
data processing system (1) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 
0247 and 0253]). 

18. Regarding claim 7, Urien teaches the client (2) is a smart card; the representative 
(3) of the authority is a smart card; the dedicated interface system is a smart card 
reader (7) comprising two card ports (9) and (10) (Urien: see figure 6 and Abstract 
section). 

19. Regarding claim 8, Urien teaches wherein: the client (2) is a mobile 
communication system; the server (1) is a data processing system communicating with 
the client (2) via a physical connection or via a wireless communication network; the 
representative (3) of the authority is a smart card representing the operator of the 
wireless communication network (known as the SIM card in telephones conforming to 
the GSM standard) (Urien: see figure 6 and Abstract section and paragraphs [0004 and 
0087]). 

20. Regarding claim 9, Urien teaches the client (2) is a smart card; the representative 
(3) of the authority is a data processing system secured by hardware; the dedicated 
interface system (7) is a machine comprising a card port (9) and a dedicated input- 
output interface (10) for connection to the representative (3) of the authority data 
processing system (Urien: see figure 6 and Abstract section). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Trang Doan whose telephone number is (571) 272- 
0740. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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